Abstract
The increasing number of attacks against the Internet of Things (IoT) has made IoT forensics critically important for reporting and mitigating cyber incidents and crimes. However, the heterogeneity of IoT environments and the complexity and volume of IoT data present significant challenges to forensic practitioners. The advent of question answering (QA) systems and large language models (LLM) offers a potential solution to accessing sophisticated IoT forensic knowledge and data. In light of this, we propose ForensiQ, a framework based on knowledge graph question answering (KGQA), to help investigators navigate complex IoT forensic artifacts and cybersecurity knowledge. Our framework integrates knowledge graphs (KG) into the IoT forensic workflow to better organize and analyze forensic artifacts. We also have developed a novel KGQA model that serves as a natural-language user interface to the IoT forensic KG. Our evaluation results show that, compared to existing KGQA models, ForensiQ demonstrates higher accuracy in answering natural language questions when applied to our experimental IoT forensic KG.
This work was supported in part by the National Science Foundation (award no. 1663105) and National Security Agency (award no. H98230-20-1-0408).
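To make the abstract's two building blocks concrete, the following is an added illustration, not code from the paper or the ForensiQ project: it loads a handful of constructed IoT event records (labelled as made-up; not the paper's experimental dataset) into a tiny triple-store knowledge graph, then answers a few natural-language questions by mapping question templates to multi-hop graph traversals. The relation names (`hasIP`, `performed`, `actionType`, `target`, `occurredAt`) and the regex-based question layer are assumptions chosen for the example; the paper's KGQA model is a learned one and is not reproduced here.

```python
import re
from collections import defaultdict

# Constructed sample artifacts (made-up records, not the paper's dataset).
# Each record is one parsed event from a device log or packet capture.
SAMPLE_EVENTS = [
    {"id": "ev1", "device": "smart_plug_01", "ip": "192.0.2.10",
     "action": "tcp_connect", "target": "198.51.100.7", "time": "2023-05-01T10:00:00Z"},
    {"id": "ev2", "device": "camera_02", "ip": "192.0.2.11",
     "action": "tcp_connect", "target": "198.51.100.7", "time": "2023-05-01T10:02:13Z"},
    {"id": "ev3", "device": "camera_02", "ip": "192.0.2.11",
     "action": "dns_query", "target": "update.example.net", "time": "2023-05-01T10:02:10Z"},
    {"id": "ev4", "device": "thermostat_03", "ip": "192.0.2.12",
     "action": "tcp_connect", "target": "203.0.113.5", "time": "2023-05-01T11:15:42Z"},
]


class ForensicKG:
    """Minimal triple store with forward and inverse indexes for multi-hop lookups."""

    def __init__(self):
        self.forward = defaultdict(lambda: defaultdict(set))  # subject -> predicate -> {object}
        self.inverse = defaultdict(lambda: defaultdict(set))  # object -> predicate -> {subject}
        self.size = 0  # number of distinct triples

    def add(self, s, p, o):
        if o not in self.forward[s][p]:
            self.forward[s][p].add(o)
            self.inverse[o][p].add(s)
            self.size += 1

    def objects(self, s, p):
        return set(self.forward[s][p]) if s in self.forward else set()

    def subjects(self, p, o):
        return set(self.inverse[o][p]) if o in self.inverse else set()


def build_kg(events):
    """Turn flat event records into graph triples (relation names are assumed, not the paper's)."""
    kg = ForensicKG()
    for ev in events:
        kg.add(ev["device"], "hasIP", ev["ip"])
        kg.add(ev["device"], "performed", ev["id"])
        kg.add(ev["id"], "actionType", ev["action"])
        kg.add(ev["id"], "target", ev["target"])
        kg.add(ev["id"], "occurredAt", ev["time"])
    return kg


def devices_contacting(kg, target, action="tcp_connect"):
    """Two-hop traversal: target <-target- event <-performed- device, filtered by action type."""
    events = {e for e in kg.subjects("target", target) if action in kg.objects(e, "actionType")}
    devices = set()
    for e in events:
        devices |= kg.subjects("performed", e)
    return sorted(devices)


def ip_of(kg, device):
    """One-hop lookup of the address(es) a device was seen with."""
    return sorted(kg.objects(device, "hasIP"))


def times_of_contact(kg, device, target):
    """Intersect the device's events with the events aimed at the target, then read timestamps."""
    events = kg.objects(device, "performed") & kg.subjects("target", target)
    times = set()
    for e in events:
        times |= kg.objects(e, "occurredAt")
    return sorted(times)


# Templated stand-in for the natural-language interface: each pattern maps a
# question shape to a graph traversal. A learned KGQA model would replace this.
QUESTION_PATTERNS = [
    (re.compile(r"^which devices? (?:connected|talked) to (\S+?)\??$", re.I),
     lambda kg, m: devices_contacting(kg, m.group(1))),
    (re.compile(r"^what is the ip (?:address )?of (\S+?)\??$", re.I),
     lambda kg, m: ip_of(kg, m.group(1))),
    (re.compile(r"^when did (\S+) (?:connect|talk) to (\S+?)\??$", re.I),
     lambda kg, m: times_of_contact(kg, m.group(1), m.group(2))),
]


def answer(kg, question):
    """Return the sorted list of graph entities answering the question, or [] if unsupported."""
    q = question.strip()
    for pattern, handler in QUESTION_PATTERNS:
        m = pattern.match(q)
        if m:
            return handler(kg, m)
    return []


if __name__ == "__main__":
    kg = build_kg(SAMPLE_EVENTS)
    for q in ["Which devices connected to 198.51.100.7?",
              "What is the IP address of camera_02?",
              "When did camera_02 connect to 198.51.100.7?"]:
        print(q, "->", answer(kg, q))
```

The point of the graph layer is that the second question-to-answer path ("which devices connected to X") needs two hops through event nodes, which is awkward over flat log rows but a natural traversal once artifacts are linked as triples; the inverse index is what keeps that traversal cheap as the graph grows.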
© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Zhang, R., Xie, M. (2024). ForensiQ: A Knowledge Graph Question Answering System for IoT Forensics. In: Goel, S., Nunes de Souza, P.R. (eds) Digital Forensics and Cyber Crime. ICDF2C 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-031-56583-0_20
DOI: https://doi.org/10.1007/978-3-031-56583-0_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56582-3
Online ISBN: 978-3-031-56583-0
eBook Packages: Computer Science; Computer Science (R0)